Block Domain Names In IPTABLES

gczman

ISP
Jun 3, 2008
16
US
I was wondering if there is any way to block domain names using IPTABLES? Or do I need to use a different firewall solution to be able to do that?
 
Block domain names from doing what? Coming in, going out, specific protocols/ports, specific days? What is it you want?

D.E.R. Management - IT Project Management Consulting
 
From the man:
man iptables said:
... Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address. ...

You could do it but your DNS server(s) may get DoS'd by the firewall doing all those lookups.

And you can't block entire domains like *.microsoft.com and similar; that's what web proxies are for.
 
I was just wanting to block a domain name instead of single IP addresses. This would be incoming on any port.
 
While you may not be able to block a single domain, you could try to look up the IP address(es) in one of iana.net registrars and block the whole ISP range of your offender.

--== Anything can go wrong. It's just a matter of how far wrong it will go till people think it's right. ==--
 
Thanks, looks like that is what I am going to have to do at this point.
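
An added example (not from any poster in this thread) of one way to get the effect asked about: iptables resolves a hostname only once, when the rule is inserted, so this script keeps a single static rule that matches an ipset and refreshes the set's addresses from DNS instead. It assumes ipset and glibc's getent are installed; the set name blocked_hosts and the hostname bad.example are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. The set name "blocked_hosts" and the
# hostname in the usage notes are placeholders.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Resolve a hostname to its current IPv4 addresses (glibc getent).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }'
}

# Read candidate addresses on stdin, keep the valid unique IPv4 ones, and
# print an `ipset restore` script that fills a temporary set and swaps it in,
# so the live set is never half-built. Fails without output when no address
# survives, so a failed lookup cannot empty the live set.
build_ipset_restore() {
    set_name=$1
    tmp_name="${set_name}_tmp"
    adds=$(sort -u | while IFS= read -r addr; do
        if valid_ipv4 "$addr"; then echo "add $tmp_name $addr"; fi
    done)
    [ -n "$adds" ] || return 1
    printf '%s\n' \
        "create $set_name hash:ip family inet" \
        "create $tmp_name hash:ip family inet" \
        "flush $tmp_name" \
        "$adds" \
        "swap $tmp_name $set_name" \
        "destroy $tmp_name"
}

# Usage, as root (re-run the first command from cron to follow DNS changes):
#   resolve_ipv4 bad.example | build_ipset_restore blocked_hosts | ipset -exist restore
#   iptables -C INPUT -m set --match-set blocked_hosts src -j DROP 2>/dev/null ||
#       iptables -I INPUT -m set --match-set blocked_hosts src -j DROP
```

The set only ever holds the addresses the name resolved to at the last refresh, so traffic from other addresses used by the same organisation is not matched.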
 